You manage the agent configuration through the paa.conf and agent.properties configuration files.
The /etc/httpd/conf.d/paa.conf file contains these configuration options.
Parameter | Definition | Default Value |
---|---|---|
PaaCertificateDir | String value containing the path to the certificates extracted from the .properties files. | conf.d |
PaaEnabled | Determines whether the agent is enabled or disabled for a specific server configuration. Valid values: on/off. This value can be set globally; set for individual virtual hosts, directories, locations, or files; or both. The most specific value is used. Note: If you disable the PaaEnabled parameter globally, ensure that the PaaEnabled directive is set to on for the PingAccess reserved application context root. This is /pa by default. For example, adding this text to an included configuration file enables PingAccess for the /pa context root and for the /var/www/html/one directory. Adding this text to an included configuration file disables PingAccess for all content in the /var/www/html/two directory except for files named page2.html. | on |
PaaPropertyFiles | List of .properties files that store configuration data used to connect the agent to the PingAccess engine nodes the agent will communicate with. | conf.d/agent.properties |
PaaEnabledNoteName | An optional parameter which defines a note name. If a request includes a note with this name and a value of on or off, this value overrides the PaaEnabled setting for that request. If you want to use this feature, you must deploy a custom module to include this note with the correct value. | paa-enabled-note |
The configured agent.properties files can contain the following parameters.
Parameter | Definition | Default Value |
---|---|---|
agent.engine.configuration.scheme | The URI scheme used to connect to the engine node. Valid values are http and https. | https |
agent.engine.configuration.host | The PingAccess host name. | The value in the Agent Node's PingAccess Host field. |
agent.engine.configuration.port | The port the agent connects to on the PingAccess host. This value is defined in the PingAccess run.properties file. | Defined in the PingAccess Admin UI |
agent.engine.configuration.username | The unique agent name that identifies the agent in PingAccess. | Defined in the PingAccess Admin UI |
agent.engine.configuration.shared.secret | The password used to authenticate the agent to the engine. | Defined in the PingAccess Admin UI |
agent.engine.configuration.bootstrap.truststore | The base64-encoded public certificate used to establish HTTPS trust by the agent to the PingAccess engine. Note: If you are having difficulty connecting an agent to the PingAccess engine, verify that the Agent Trusted Certificate has been configured correctly in Agent Management. | Generated by PingAccess |
agent.engine.configuration.maxConnections | The number of connections a single web server worker process maintains to the PingAccess engine defined in the agent.engine.configuration.host parameter. | 10 |
agent.engine.configuration.timeout | The maximum time, in milliseconds, a request to PingAccess can take from the agent. If this time is exceeded, the client will receive a generic 500 Server Error response. | 30000 |
agent.engine.configuration.connectTimeout | The maximum time, in milliseconds, the agent can take to connect to the PingAccess engine. If this time is exceeded, the client will receive a generic 500 Server Error response. | 30000 |
agent.cache.missInitialTimeout | The maximum time, in milliseconds, a web server worker process waits for a response to a policy cache request sent to other web server worker processes. | 5 |
agent.cache.broker.publisherPort | The network port web server processes use to publish policy cache requests to other web server worker processes. This port is bound to the localhost network only. | 3031 |
agent.cache.broker.subscriberPort | The network port web server processes use to receive policy cache requests from other web server worker processes. This port is bound to the localhost network only. | 3032 |
agent.cache.maxTokens | The maximum number of tokens stored in the policy cache for a single web server worker process. A value of 0 means there is no maximum. | 0 |
agent.cache.disabled | Determines whether caching of policy decisions is enabled or disabled. A value of 1 disables caching, forcing the agent to communicate with the PingAccess host any time a policy decision needs to be made. Warning: Disabling caching has a significant impact on the scalability of the PingAccess Policy servers, as every rule evaluation is processed by the Policy Server. This option should only be used as a last resort because of the performance penalty. | 0 |
agent.engine.configuration.failover.hosts | The hostname and port of the PingAccess server where the agent should send requests in the event of a failover from the PingAccess host. | Defined in the PingAccess Admin UI |
agent.engine.configuration.failover.failedRetryTimeout | Seconds before retrying a failed PingAccess server. | 60 |
agent.engine.configuration.failover.MaxRetries | The maximum number of retries before considering a PingAccess server unavailable. | 2 |
agent.cache.type | Controls the type of policy cache used by the agent. There are three valid values for this property: | AUTO |
agent.send.inventory | Determines whether the This header contains the following fields: For more information, see Agent inventory logging. | |
agent.inventory | Specifies additional values to include in the The following syntax is used. Note: The specified header fields are case-sensitive. | Not present by default. |
agent.apache.host.source.headerName | If present, specifies a header that overrides the default | Not present by default. |
You can add comments to the agent.properties files if necessary. Lines beginning with the # or ! characters are ignored by the agent.
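The following Python check is an added example, not part of the PingAccess documentation or product. It parses agent.properties text using the comment rule above and reports settings from the table that weaken or break the agent-to-engine connection. It assumes plain key=value lines; the function names and the sample content are constructed for illustration.

```python
# Added example: audit agent.properties text for risky or inconsistent settings.
# Assumption: plain key=value lines; '#' and '!' start comments (per the page).
ENGINE, CACHE = "agent.engine.configuration.", "agent.cache."
DEFAULTS = {ENGINE + "scheme": "https", CACHE + "disabled": "0",
            CACHE + "broker.publisherPort": "3031", CACHE + "broker.subscriberPort": "3032"}

def parse_properties(text):
    """Return {key: value}, skipping blank lines and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return findings as strings; the shared secret itself is never echoed."""
    def get(key):
        return props.get(key, DEFAULTS.get(key, ""))
    findings = []
    scheme = get(ENGINE + "scheme").lower()
    if scheme == "http":
        findings.append("scheme=http: agent-to-engine traffic is unencrypted")
    elif scheme != "https":
        findings.append("scheme: value is not http or https")
    elif not get(ENGINE + "bootstrap.truststore"):
        findings.append("bootstrap.truststore missing for https")
    for name in ("host", "username", "shared.secret"):
        if not get(ENGINE + name):
            findings.append(name + " is missing or empty")
    if get(CACHE + "disabled") == "1":
        findings.append("cache.disabled=1: every decision goes to the engine")
    if get(CACHE + "broker.publisherPort") == get(CACHE + "broker.subscriberPort"):
        findings.append("broker publisher and subscriber ports are identical")
    return findings

SAMPLE = """\
# constructed sample, not from a real deployment
! lines starting with '!' are comments too
agent.engine.configuration.scheme=http
agent.engine.configuration.host=pa.example.internal
agent.engine.configuration.username=agent1
agent.engine.configuration.shared.secret=CONSTRUCTED-PLACEHOLDER
agent.cache.disabled=1
agent.cache.broker.subscriberPort=3031
"""
```

Calling `audit(parse_properties(SAMPLE))` returns three findings: the http scheme, the disabled cache, and the subscriber port colliding with the default publisher port.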
Changes to the agent.properties file require a restart of the web server.
See the Performance Tuning Guide for a discussion on improving agent performance.